How can I add rules for PC LAN can transfer packets to PC WAN and backwards?



  • Hi all,
    I configured as follows:

    pfSense:
    LAN : 10.0.210.1
    WAN: 10.100.0.1

    Firewall setting:
    (My purpose is setting any LAN access to any WAN and backwards)
    On web, I added rules in LAN tab,
    Proto|Source|Port|Destination|Port|Gateway|Schedule|Description: |||||||
    and added rules in WAN tab,
    Proto|Source|Port|Destination|Port|Gateway|Schedule|Description: |||||||
    I don't know whether these rules are right or wrong.

    PC LAN can ping PC WAN and backwards.
    I have the application transfer TCP/UDP packets from PC LAN to PC WAN and backwards. While I used Wireshark to monitor packets, I couldn't see TCP/UDP packets.
    Obviously, without firewall, 2 PCs in the same network, the TCP/UDP packets transfer from PC LAN to PC WAN OK.

    How can I add rules for PC LAN can transfer packets to PC WAN and backwards?

    Thanks,
    Ha



  • @haluong:

    Firewall setting:
    (My purpose is setting any LAN access to any WAN and backwards)

    I presume you mean you want to allow a computer on the LAN to establish a "session" to any other computer. Once the session attempt is forwarded by the firewall, the firewall allows any response by the target computer. The default firewall rule allows LAN computers to access any other computer.

    @haluong:

    I have the application transfer TCP/UDP packets from PC LAN to PC WAN and backwards. While I used Wireshark to monitor packets, I couldn't see TCP/UDP packets.
    Obviously, without firewall, 2 PCs in the same network, the TCP/UDP packets transfer from PC LAN to PC WAN OK.

    How can I add rules for PC LAN can transfer packets to PC WAN and backwards?

    Did you try a Wireshark capture while running a ping from LAN to WAN to verify you have Wireshark set up correctly?

    Does the application establish connections only from LAN to WAN?



  • @wallabybob:

    I presume you mean you want to allow a computer on the LAN to establish a "session" to any other computer. Once the session attempt is forwarded by the firewall, the firewall allows any response by the target computer. The default firewall rule allows LAN computers to access any other computer.

    Did you try a Wireshark capture while running a ping from LAN to WAN to verify you have Wireshark set up correctly?

    Does the application establish connections only from LAN to WAN?

    Yeah, I want to allow a computer on the LAN to establish a "session" to any other computer.
    When I ping from PC LAN, with Wireshark on PC LAN and ip.host=={PC WAN ip}, I saw in Wireshark that the packets' protocol is ICMP.
    The application establishes a connection by inputting the PC IP or PC name. When the 2 PCs are in the same network, the connection is OK, but in different networks, it isn't. I want them to be able to connect to each other in any way. I don't know how to set the firewall to allow the connections. Could you please help me with your ideas?



  • @haluong:

    The application establishes a connection by inputting the PC IP or PC name. When the 2 PCs are in the same network, the connection is OK, but in different networks, it isn't.

    "it isn't" is nowhere near enough detail - what application? what does it report? how does the application work - for example, do the two "ends" each try to establish a connection to the other end?

    Does a ping from a PC on LAN to a PC on another network get a response? If not, what is reported?

    @haluong:

    I don't know how to set the firewall to allow the connections. Could you please help me with your ideas?

    Default LAN firewall rules allow a computer on LAN to establish connections with any other computer. I'm happy to help with ideas but I don't have time or the interest to write down everything I might think of. I need more information to work with to help reduce the number of possibilities to consider.

